10-05-2006 09:14 AM - edited 02-21-2020 01:13 AM
I'm migrating my PIX 535 config to a new FWSM and have come across some subtle differences. For instance, I have to apply a permit for ICMP to the interfaces and secondly all traffic does not seem to be allowed from inside to outside by default. Does anyone know of a document that outlines these differences?
Thanks,
10-11-2006 10:59 AM
What version of the software are you using?
10-16-2006 12:50 PM
Sorry for the late reply, I hope you read this. I'm on 2.3.4
10-16-2006 04:39 PM
ICMP to the interfaces is disabled by default.
Unlike PIX, FWSM does not allow default flow of traffic. You need to explicitly define rules for the traffic to flow.
10-16-2006 07:14 PM
Yes, and also, to get ICMP to traverse the firewall module you need to enable ICMP inspection:
fixup protocol icmp
fixup protocol icmp error
More details can be found in the admin guide.
I hope it helps. Please rate it if it does!